THEA TECH SOLUTIONS · BANGKOK, THAILAND
Your AI-built product works.
That's the problem.
AI-generated code looks finished — so nobody reviews it. 45% of it ships with a known vulnerability. I find what breaks before your users, your investors, or a regulator does.
Production-hardened for fintech, healthtech, and regulated EU startups
What I look for
What I actually look for
Every audit surfaces the risks AI coding tools create and humans miss.
Secrets in the client bundle
Anyone can read your API keys. One GitHub scraper away from a breach.
PII in your logs
That is a GDPR violation, not a bug. Fines start at €20M or 4% of turnover.
Open row-level security
User A reads User B's documents. The CVE-2025-48757 pattern, found in 170+ apps.
No idempotency on webhooks
Payment retries charge your customer twice. Stripe won't refund your reputation.
Single-source data dependency
One vendor changes terms or goes down, your product goes blind. No fallback.
No audit trail
You cannot prove compliance. When a regulator asks, the answer is silence.
EU AI Act
The EU AI Act Clock
If your product talks to EU users with AI, these dates apply to you — regardless of where your company is based.
August 2, 2026 — Article 50: Transparency obligations live
Any AI system interacting with EU users must disclose it's AI. Fines to €15M or 3% of global turnover.
December 2, 2026 — AI content watermarking
Machine-readable markers for AI-generated content. Grace period ends for pre-August systems.
December 2, 2027 — Annex III: High-risk obligations
Credit scoring, employment, essential services, biometrics. Conformity assessments start here.
Proof
What this looks like in practice
A founder told me he rebuilt my AML screening system in a weekend with Claude Code.
He found OpenSanctions — 400+ sources, free download. Wired it up in three days. Looked finished.
What he missed:
That data is free for non-commercial use only. Screening your own customers is commercial. He needs a license he doesn't have.
Search "Gazprom" — 44 results. Search "Газпром" — 327 results. Same company, different alphabet. His system catches one of them.
The system he replaced pulls 13 government sanctions feeds direct from source. OFAC, UN, EU, UK, Australia, Canada, UAE, Singapore, Japan, Switzerland, New Zealand, Hong Kong, Interpol. Each with its own collection worker. Because if you depend on one aggregator and it changes terms, your screening goes blind.
He didn't build an AML system. He built the demo of one.
The demo is now free. The difference between the demo and the thing that survives an audit is the entire job.
Pricing
Pricing
Published because you'll ask Claude what an audit should cost before you contact me. This way I'm in the answer.
Production Readiness Audit
€3,500 · 5 days · fixed price
Findings report with ranked risks. Every finding gets a trigger event and a price tag — not vague warnings. Secrets scan, data layer review, EU AI Act exposure check, 90-day fix roadmap.
Book an audit →Hardening Sprint
€6,000 – €10,000 · 4 weeks
Fix the top findings from the audit. RLS policies, webhook idempotency, secrets rotation, audit trails, monitoring. Ship it production-ready.
Retained
€2,500 – €4,500/mo
Ongoing data layer, monitoring, evals, sign-off, on-call. For products that passed the audit and need someone accountable when it breaks at 2am.
Client words
What they say.
"He integrated AI-driven AML screening into our compliance pipeline across 1.7 million sanctions records. It actually works in production, not just a demo."
Kenneth
Founder, HubSecure
"Riz understood the compliance constraints from day one. In regulated fintech, that kind of reliability is rare in an external partner."
Venu
Director, Qwil
"236 tasks, 600 tests, three apps — one person. Riz delivered a complete product, not just code."
Geir-Ove
Founder, AsyncQuiz
"We needed senior-level execution without the ramp-up time. Riz shipped production features faster than most full-time hires I've seen."
Sahil Gupta
Founder & CEO, Noah
"Page loads went from seconds to milliseconds. Riz delivered faster than our timeline and the quality exceeded what we expected."
Akta Adani
Co-Founder & CEO, Nomadory
Selected work
AI & full-stack projects we've shipped.
mymuaythai.app
Joe's vision. Our engineering. Built from inside the sport's home country.
mymuaythai.app is a platform connecting Muay Thai gyms, trainers, and students across Thailand. Joe had the vision, the…
View case study →AsyncQuiz
Async quiz competition platform for a Norwegian client. Complex, multilingual, on deadline.
SparSammenAS is a Norwegian company building a quiz competition platform where teams compete asynchronously — no shared…
View case study →Nomadory Shop
Headless Shopify + Next.js 15 for a B2B nomad gear brand. Fast, flexible, no bloat.
Nomadory is a B2B nomad gear brand. They needed a storefront that didn't feel like a Shopify theme — custom design,…
View case study →SimplySmartChat
AI-powered WooCommerce sales assistant. RAG pipeline meets real product knowledge.
An AI chatbot that actually knows the product catalog. Built for a WooCommerce store — the bot ingests product…
View case study →Thea Tech Internal Automation
n8n workflows, AI agents, and infrastructure automation. The backbone behind the business.
The internal systems that keep Thea Tech running efficiently. n8n queue-mode deployment on a Contabo VPS handling…
View case study →HubSecure
Multi-tenant FinTech compliance platform. KYC, AML, blockchain, AI agents — 12+ repos.
HubSecure is a multi-tenant FinTech compliance platform for KYC/AML verification, built for BCV Group. The system…
View case study →FAQ
Questions founders ask.
What is a Production Readiness Audit?
A 5-day, fixed-price review of your AI-built product. I look at your code, your data layer, your secrets, your compliance exposure, and your failure modes. You get a ranked findings report where every risk has a trigger event and a price tag — not vague warnings. €3,500, no hourly billing, no scope creep.
I built my product with Claude Code / Cursor / Lovable. Is it really that risky?
45% of AI-generated code introduces OWASP Top 10 vulnerabilities. Stanford found that developers using AI assistants wrote less secure code while feeling more confident it was secure. The risk isn't that AI writes bad code. It's that AI code looks finished, so nobody reviews it.
What's the EU AI Act and does it apply to me?
If your product uses AI and interacts with users in the EU, Article 50 transparency obligations apply from August 2, 2026 — regardless of where your company is based. Fines go to €15M or 3% of global turnover. If your product has a chatbot, an AI assistant, or generates AI content shown to EU users, you're in scope.
Do you still build software from scratch?
For retained clients, yes. But the entry point is the audit, not a build proposal. If the audit surfaces work that needs doing, the hardening sprint and retainer are the path. I take on 2-3 retained clients at a time.
Why publish your pricing?
Because you'll ask Claude what an audit should cost before you contact me. If my price isn't findable, I'm not in the consideration set. Published pricing signals a productized offering, not a negotiation.
Get started
Shipped something with AI? Get it audited before it meets real users.
Production Readiness Audit. €3,500. 5 days. Fixed. Every finding gets a price tag.
Book a Free Audit →